CRITICAL🇵🇱 Wersja polska

CVE-2026-12846

CVSS 10.0v3.1pub. 2026-06-24upd. 2026-06-25

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);

🤖 AI Analysis
How it works

The DVRSearch service accepts UDP messages without authentication from any host on the network. When processing the received message, the server copies the value of the 'Net Mask' field from the global network configuration structure to a local buffer on the stack using memcpy, with the size of the copied data determined by strlen() without verifying whether it fits in the destination buffer. An attacker who can influence the contents of the net_mask field (e.g., by sending a crafted UDP message beforehand) can cause a stack buffer overflow and overwrite control data, such as the function return address.

Impact

An unauthenticated network attacker can gain full control of the device through remote code execution (RCE) with the privileges of the DVRSearch process, which may lead to compromise of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://www.geovision.com.tw/cyber_security.php). Until updated, it is recommended to isolate the device on the network (firewall, VLAN segmentation) and block unauthorized access to UDP port 10001 from untrusted network segments.

Who is affected

GeoVision GV-I/O Box 4E device — versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References